Operational risk covers all loss risks arising from inadequate or failed internal processes, staff and systems, or from external events, including cyberattacks, system failures and supplier failures.
Types of operational risks
Operational risks fall into four categories: (1) process risks: errors in internal procedures; (2) people risks: human error or fraud; (3) system risks: IT failures, cyberattacks, software errors; (4) external events: natural disasters, supplier failures, regulatory changes. Supplier risks fall primarily into the external events category.
The failure of a critical supplier is an operational risk with direct impact on business processes, revenue and compliance.
Operational risk and DORA
DORA explicitly addresses operational risks in the financial sector, particularly ICT-related operational risks. Financial entities must systematically identify, classify and manage ICT risks. ICT third-party risk, the risk arising from external IT service providers, is a central element of DORA risk management.
DORA Art. 5-14 defines the requirements for ICT risk management; operational resilience is the overarching objective.
Measuring and managing operational risks
Operational risks are measured via Key Risk Indicators (KRIs), scenario analyses and loss data collections. In the supplier context, 360TPRM delivers continuous risk indicators for external providers: cyber risk scores, exposure data and breach intelligence in real time.
360TPRM delivers real-time KRIs for all suppliers as an objective basis for operational risk management.
Minimise operational risks from suppliers
See in a 45-minute demo how 360TPRM specifically meets your requirements.